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DETAILED ACTION 

1. Claims 1-12 are pending. 

2. Claims 1-3 are allowable. 

Reasons for Allowance 

3. In light of the interview of 10/13/05, the Examiner has allowed independent claim 1, and 
its depending claims 2 and 3. 

Previously, the Examiner argued the position that in any directory, such as a folder, there are 
entries that may be interpreted as proxy entries, in that these entries refer to a particular resource 
or file. It is understood by those of ordinary skill in the art that technically, a directory is merely 
a logical association, and that it is incapable of physical storage. For this reason, the Examiner 
has argued that any directory with items or files within it necessarily contains '*proxy" entries — 
entries that refer to a particular file by means of logical association as understood by the 
operating system or the file service. 

During the interview of 10/13/05, AppUcant's representative clarified the distinction in claim 1 
in which it is not the operating system or file system, but the application itself which "includes 
the logical mapping correlating each protected resource" with a corresponding proxy entry. 
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Applicant's representative has clarified the distinction made with regards to the arguments on 
page 8, last paragraph. 

The Examiner has found the arguments to be persuasive, accordingly, claim 1 is allowable. 



Response to Arguments 

4. The Examiner notes however, that the limitation that recites . .the application including 
a logical mapping that correlates each protected resource. . is not recited in the other 
independent claims. Independent claims 4, 6, and 8 recite that a logical mapping is "used" 
however does not explicitly recite that it is included within the application. It is believed that the 
addition of this element will render the other independent claims allowable. 

The crux of Applicant's arguments appear to be directed towards claim 1. 

In reference to claim 4: 

The cited document does not teach or even suggest making a proxy in the directory for outside 
resources. The Examiner however, contends that the recitation of an "external protected 
resource" may be understood in the art to refer to a reference located on another part of the 
network. In this sense, the resource is "external". 
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In reference to the arguments of claim 6, the Examiner notes that from the interpretation of proxy 
entry as argued by the Examiner, each entry within the directory may be considered a proxy 
entry. Furthermore, the AppUcant again recites the term "external protected resource". 
However, the Examiner notes that this term may be understood in the art to refer to a reference 
located on another part of the network. 

Claim 8 appears to be repetition of the arguments presented for claims 4 and 6. 



Claim Rejections - 35 USC § 102 
5. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on 
sale in this country, more than one year prior to the date of application for patent in the United States. 

Claims 4-12 are rejected under 35 U.S.C. 102(b) as being anticipated by "Understanding LDAP" 
by the International Technical Support Organization. 

In reference to claim 4: 

"Understanding LDAP" (Page 7, Section 1.1.4, Directory Security) - (Page 8, paragraph 1) 
discloses a method for a directory service that contains a proxy entry corresponding to an 
external protected resource to provide authentication and authorization functions to a software 
application, where the directory service is LDAP which contains proxy entries corresponding to 
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file resources which correspond to respective ACLs which, with the LDAP server software allow 
for authentication and authorization functions, the method comprising the steps of: 
• When the software application needs to access the external protected resource, 
performing the steps of: 

o Identifying a proxy entry that corresponds to the external protected resource, 
where the objects are listed as LDAP entries such as that shown in (Page 18, 
Figure 5) 

o The software application requesting from the directory service access to the proxy 
entry that corresponds to the external protected resource, where the application is 
the client software necessary to allow the user to browse LDAP directories such 
as that listed on (Page 18, Figure 5) 

o If the directory service grants access to the proxy entry that corresponds to the 
external protected resource, the application accesses the external protected 
resource, where the entries requested are then accessed if permission is granted. 
(Page 4, Section LI. 2 "Directory Clients and Servers") 

In reference to claim 5: 

"Understanding LDAP" (Page 7, Section 1.1.4, Directory Security) - (Page 8, paragraph 1) 
discloses the method of claim 4 fiirther comprising the steps of: 

If the directory service denies access to the proxy entry that corresponds to the external protected 
resource, the application does not access the protected resource, where the resource cannot be 
accessed if the access right for that object in the directory is not granted. 
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In reference to claim 6: 

"Understanding LDAP" (Page 7, Section 1.1.4, Directory Security) - (Page 8, paragraph 1) 
discloses a method for a directory service to provide authentication and authorization functions 
to a software application, the method comprising steps of: 

• Determining which of a plurality of resources require protection, where determining 
which of a plurality of resources requires is determined by attaching an ACL to each 
object. An object without an ACL for example, could be assumed to be accessible to 
anyone. 

• Creating a proxy entry in the directory service for each protected resource, where the 
proxy entry is a representation on the interface of the client software, of a resource on the 
server or a distributed system accessible by the server. (Page 18, Figure 5) 

• Generating a logical mapping that correlates each protected resource to its corresponding 
proxy entry, where a mapping is logically generated on the client interface in which the 
resource is not on the client system itself, but another system. (Page 18, Figure 5) 

• When the software application needs to access a selected protected resource, performing 
the steps of: 

o Using the logical mapping to identify a proxy entry that corresponds to the 
selected protected resource, where the logical mapping is from the directory 
entries on the client side to the resources on the server. (Page 6-7, Section 1.1.3 
"Distributed Directories") 
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o The software application requesting from the directory service access to the 
identified proxy entry, where the software is both the LDAP client and server. 

o If the directory service grants access to the identified proxy entry, the appUcation 
accesses the selected protected resource, where the LDAP server must verify the 
user against the details in the ACL for the resource before granting access. (Page 
7, Section LL4, Directory Security) - (Page 8, paragraph 1) 

In reference to claim 7: 

"Understanding LDAP" (Page 7, Section 1.L4, Directory Security) - (Page 8, paragraph 1) 
discloses the method of claim 6 fiirther comprising the step of 

If the directory service denies access to the proxy entry that corresponds to the selected protected 
resource, the application does not access the selected protected resource, where the resource 
cannot be accessed if the access right for that object in the directory is not granted 

In reference to claim 8: 

"Understanding LDAP" (Page 5, Figure 1) & (Page 18, Figure 5) discloses the program product 
comprising: 

• A software application that uses a logical mapping that correlates a plurality of protected 
resources that are not stored or contained within the directory with corresponding proxy 
entries in a directory service that is managed by a directory service server(LDAP server), 
the application determining whether the application is authorized to access a selected 
protected resource by invoking authentication and authorization fiinctions in the directory 
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service server to determinine whether the proxy entry corresponding to the selected 
resource may be accessed, and if so, the apphcation accesses the selected protected 
resource, (Authentication and Authorization pages 66-69) 

where a resource is logically mapped from the proxy in the client side representation of 
the server side resource, and is only accessed if a user is authenticated and authorized 
according to the permissions to the resource given in its ACL. (Page 7, Section 1.1.4 
Directory Security, paragraph 3) - (Page 8, 1^^ paragraph) 
• Computer-readable signal bearing media bearing the software application, where the 
signal bearing media bearing the software application is contained in the memory of the 
client and server, as well the hard drives, and the possible transmission media in the 
communications between the client and the server. 



In reference to claim 9: 

"Understanding LDAP" discloses the program product of claim 8 wherein the signal bearing 
media comprises recordable media, where it is understood that signal bearing media may 
comprise recordable media such as hard disk drives, CD-R, floppy disks, or other magnetic 
media, all necessary in bearing the data signals when the data is accessed from the media. 

In reference to claim 10: 
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"Understanding LDAP" discloses the program product of claim 8 wherein the signal bearing 
media comprises transmission media, where it is understood that in order for data to be 
transmitted from the client to the server, that some transmission media is needed and used. 

In reference to claim 1 1 : 

"Understanding LDAP" discloses the program product of claim 8 wherein the directory service 
server is a Lightweight Directory Access Protocol (LDAP) server, and wherein the directory is 
an LDAP directory. 

In reference to claim 12: 

"Understanding LDAP" discloses the program product of claim 8 wherein the application does 
not access the selected protected resource if the proxy entry corresponding to the selected 
resource cannot be accessed. 

(Page 7, Section 1.1.4 Directory Security, paragraph 3) - (Page 8, 1^^ paragraph) 



Conclusion 

6. The following art not rehed upon is made of record: 

• US patent 6463470, paragraphs 32-33 of the detailed description, discloses a method in 
which the LDAP server employs an application in which a logical mapping of access 
values is "accessible" to the application, but does not disclose that they are apart of the 
application. 
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• US patent 6466984, parargraphs 35-36 of the detailed description discloses a method in 
which the application fetches mapping information stored in the repository but again, 
does not state that the mapping is included in the applicaiton. 

7. Any inquiry concerning this communication from the examiner should be directed to 
Thomas M Ho whose telephone number is (571)272-3835. The examiner can normally be 
reached on M-F from 9:30 AM - 6:00 PM. 

If attempts to reach the examiner by telephone are unsuccessftil, the examiner's supervisor, 
Gregory A. Morse can be reached on (571)272-3838. 

The Examiner may also be reached through email through Thomas. Ho6@uspto.Rov 

Any inquiry of a general nature or relating to the status of this application or proceeding should 
be directed to the receptionist whose telephone number is (571)272-2100. 

General Information/Receptionist Telephone: 571-272-2100 fax: 571-273-8300 
Customer Service Representative Telephone: 571-272-2100 Fax: 571-273-8300 
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